A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 
earned patent term adjustment. See 37 CFR 1.704(b). 
1) [X] Responsive to communication(s) filed on 24 November 2004. 
2a) [X] This action is FINAL. 2b) [ ] This action is non-final. 

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213. 
4) [X] Claim(s) 1-23 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) [ ] Claim(s) is/are allowed. 

6) [X] Claim(s) 1-23 is/are rejected. 

7) [ ] Claim(s) is/are objected to. 

8) [ ] Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) [ ] The specification is objected to by the Examiner. 

10) [X] The drawing(s) filed on 24 November 2004 is/are: a) [X] accepted or b) [ ] objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 
2. [ ] Certified copies of the priority documents have been received in Application No. . 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
Response to Amendment 

1. Claims 21-23 have been added. 

2. Claims 1-3, 6, 9-10, and 12-17 have been amended. 

3. Claims 1-23 are pending. 

Specification 

4. The specification filed on 24 November 2004 has been accepted by the 
Examiner. 

5. With regard to claims 6-7, 9, and 16, the informalities have been corrected and 
are accepted by the Examiner. 

Drawings 

5. The drawings were received on 24 November 2004. These drawings are 
acceptable. 

Response to Arguments 

1. Applicant's arguments filed 24 November 2004 have been fully considered but 
they are not persuasive. 

2. Referring to the rejection of claims 1 and 13, the Applicant contends and argues 
that the prior art Shambroom does not teach nor disclose effective user id or root-only 
readable files including one or more security keys. The Examiner disagrees and asserts 
that Shambroom does teach means for an effective user id which is a Kerberos user 
principal name which is defined as login information prior to authentication as shown in 
Column 10, lines 39-41. After authentication is performed, the key distribution center 
maintains root-only read access to the private key, by incorporating a permission 
indicator which encrypts the private key, therefore, the client is able to authenticate itself 
with the KDC after verification is successful, and the contents of the private key are 
accessed by the client which include one or more security keys, i.e., client user key, 
client secret key, KDC private key, KDC session key, as shown in Column 10, lines 43-67 
and Column 11, lines 1-41. 

3. Referring to the rejection of claim 17, the Applicant contends and argues that the 
prior art Shambroom does not teach nor disclose effective user id or root-only readable 
files including one or more security keys. The Examiner disagrees and asserts that 
Shambroom does teach means for an effective user id which is a Kerberos user 
principal name which is encrypted as login information prior to authentication as shown 
in Column 8, lines 19-26. After authentication is performed, the key distribution center 
maintains root-only read access to the private key, by incorporating a permission 
indicator which encrypts the private key, therefore, the client is able to authenticate itself 
with the KDC after verification is successful, and the contents of the private key are 
accessed by the client which include one or more security keys, i.e., client user key, 
client secret key, KDC private key, KDC session key, as shown in Column 8, lines 27-54. 

4. Therefore, the rejections of claims 1-23 are maintained in view of the reasons 
above and in view of the reasons below. 
DETAILED ACTION 
Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 1-16, and 20-23 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Shambroom (U.S. Patent No. 5,923,756) and further in view of Schell 
et al. (U.S. Patent No. 6,615,350). 

Regarding claims 1, 6, 9, and 16, Shambroom teaches a method for persisting 
and recovering security keys in order to authorize a daemon or a command-line 
interface ("CLI") comprising: 

reading, with root as an effective user id, one or more security keys into a cache, 
wherein the root enables the reading of files including the one or more security keys 
(col. 10 line 55 thru col. 11 line 7), 

attempting to retrieve a private key from the cache using a real user id, wherein 
the cached certain security keys may include the private key (col. 11 lines 12-13); and 

determining if the private key was retrieved from the cache, wherein a failure to 
retrieve the private key from the cache indicates that authorization failed (col. 11 lines 
44-46). 

Shambroom does not teach the private key may be used to digitally sign a 
message, compare the message signed with the public key to the message copy signed 
with the private key, nor determine if the message is authorized based on the 
comparison of the message signed with the public key to the message signed with the 
private key. Schell teaches the private key may be used to digitally sign a message 
(col. 17 lines 16-18). Schell teaches using the digital signature, comparing it to the 
message copy signed and determining the authorization (col. 17 lines 42-67, col. 18, 
line 1-37, col. 19, lines 33-41 and col. 20, lines 67 thru col. 21, lines 1-24). It would have 
been obvious to one of ordinary skill in the art at the time of the invention to combine 
Shambroom's method for providing secure remote command execution with Schell's 
module authentication method in order to allow a sender and receiver of a 
communication system to verify the integrity and authenticity of messages sent (Schell 
col. 3 lines 1-9). 

Regarding claim 2, Shambroom and Schell in combination teach the method of 
claim 1, in addition Shambroom teaches setting, with the root as the effective user id, 
the certain security keys, wherein the setting step triggers performance of the reading 
step (col. 10 line 55 thru col. 11 line 7). 

Regarding claim 3, Shambroom and Schell in combination teach the method of 
claim 2, in addition Shambroom teaches calling a setKeys method, wherein the setKeys 
method includes the reading step (col. 10 line 55 thru col. 11 line 7). 

Regarding claim 4, Shambroom and Schell in combination teach the method of 
claim 3, in addition Shambroom teaches failure to retrieve the private key from the 
cache is caused by an error in the setKeys method (col. 11 lines 44-46). 

Regarding claim 5, Shambroom and Schell in combination teach the method of 
claim 2, in addition Shambroom teaches entering the CLI, wherein the CLI is entered by 
a non-root user on a managed node and the private key is a security key of the 
managed node (col. 11 line 64 thru col. 12 line 25; col. 12 lines 43-54). 

Regarding claim 7, Shambroom and Schell in combination teach the 
method of claim 6, in addition Schell teaches wherein the message comprises an 
executable, the method further comprising: if the message is authorized, executing the 
executable (Schell, col. 14 line 22 thru col. 15 lines 1-6). 

Regarding claim 8, Shambroom and Schell in combination teach the method of 
claim 1, in addition Shambroom teaches running a daemon process, wherein the 
daemon is run on a managed node and the private key is a security key of the managed 
node (col. 11 line 64 thru col. 12 line 25; col. 12 lines 43-54). 

Regarding claim 10, Shambroom and Schell in combination teach the method of 
claim 1, in addition Shambroom teaches the reading step is performed by an 
authentication class (col. 8 lines 1-43). 

Regarding claim 11, Shambroom and Schell in combination teach the method of 
claim 10, in addition Shambroom teaches the cache is a private variable in the 
authentication class (col.8 lines 42-54). 

Regarding claim 12, Shambroom and Schell in combination teach the method of 
claim 1, in addition Schell teaches generating a security key pair, wherein the security 
key pair comprises the private key and a corresponding public key (col. 20 lines 44-49); 
serializing the security key pair as a key file (col. 16 lines 26-29; col. 16 lines 47-54; 
col. 20 lines 44-49). Shambroom teaches storing the key file, wherein the reading 
step comprises de-serializing the key file and reading the key file into the cache (col. 8 
lines 42-54). 

Application/Control Number: 09/813,564 

Art Unit: 2137 

Claims 13-15 are substantially equivalent to claims 1-3 respectively, therefore 
claims 13-15 are rejected because of similar rationale. 

Regarding claims 20-23, Shambroom teaches the method of claims 20-23, but 
does not teach the authentication class is a Java class running in a Java Virtual 
Machine, the method further comprising: initializing the Java Virtual Machine. Schell 
teaches the authentication class is a Java class running in a Java Virtual Machine, the 
method further comprising: initializing the Java Virtual Machine (col. 31 lines 15-21). It 
would have been obvious to one of skill in the art at the time of the invention to have 
combined Shambroom's secure communication method with Schell et al.'s module 
authentication and binding library extensions systems in order to provide a real-time 
challenge which protects against unauthorized users (see Schell et al., col. 10, lines 
41-57). 

Claim Rejections - 35 USC § 102 

7. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 
8. Claims 17-19 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Shambroom (U.S. Patent No. 5,923,756). 

Regarding claim 17, Shambroom teaches a method for persisting and recovering 
security keys in order to authorize a daemon or a CLI, comprising: 

initializing an authentication class, wherein the authentication class comprises a 
setKeys method that includes a reading step; 

calling, with root as an effective user id, the setKeys method of the authentication 
class, wherein the root enables the reading of files including security keys; 

reading necessary security keys into a cache with the root; and 

retrieving the necessary security keys from the cache using a real user id (col. 8 
lines 1-54). 

Regarding claim 18, Shambroom teaches the cache is a private variable in the 
authentication class (col. 8 lines 42-54). 

Regarding claim 19, Shambroom teaches the necessary security keys are a 
private key of a managed node on which the authentication class is running (col. 12 
lines 43-55) and a public key of a central management server to which the managed 
node is operatively connected (col. 10 lines 25-35). 

Conclusion 

9. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Courtney D. Fields whose telephone number is 
571-272-3871. The examiner can normally be reached on Mon - Thurs. 6:00 - 4:00 pm; off 
every Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew Caldwell can be reached on 571-272-3868. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 